cbcvebase.
CVE-2023-26256
published 2023-02-28

CVE-2023-26256: An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the…

PriorityP179high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
11.62%
95.5th percentile
An unauthenticated path traversal vulnerability affects the "STAGIL Navigation for Jira - Menu & Themes" plugin before 2.0.52 for Jira. By modifying the fileName parameter to the snjFooterNavigationConfig endpoint, it is possible to traverse and read the file system.

Affected

1 ranges
VendorProductVersion rangeFixed in
stagilstagil_navigation< 2.0.522.0.52

Detection & IOCsextracted from sources · hover to see the quote

url/plugins/servlet/snjFooterNavigationConfig?fileName=../../../../etc/passwd&fileMime=$textMime
path/plugins/servlet/snjFooterNavigationConfig
  • Look for GET requests to /plugins/servlet/snjFooterNavigationConfig with a fileName parameter containing path traversal sequences (e.g., ../../../../etc/passwd).
  • Responses containing the literal string '$textMime' in the HTTP header indicate successful exploitation of the LFI vulnerability.
  • Responses matching the regex 'root:[x*]:0:0' in the body confirm /etc/passwd file read via path traversal.
  • Use Shodan/FOFA queries targeting Jira instances (title:Jira / title=jira) to identify potentially vulnerable exposed endpoints.
  • ·The vulnerability is unauthenticated (PR:N/UI:N), meaning no credentials are required to exploit the path traversal via the fileName parameter.
  • ·The fileMime parameter value '$textMime' appears literally in the response header upon successful exploitation and can serve as a reliable detection signal.
  • ·EPSS score of 0.9177 (99.687th percentile) indicates very high likelihood of active exploitation in the wild.

CVSS provenance

nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vulncheck7.5HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.